new prism (connexant)

Denis Vlasenko vda at port.imtp.ilyichevsk.odessa.ua
Wed Jun 16 11:28:22 EDT 2004


On Wednesday 16 June 2004 10:54, Jim Thompson wrote:
> On Jun 15, 2004, at 6:35 AM, Denis Vlasenko wrote:
> > For me, it translates into:
> > "802.1X is useless for wired LANs and 802.11"
> > Am I missing something?
>
> Yeah.
>
> First 802.11 is useless in the face of a DOS attack.  I can just send
> deauthenticate frames for the
> client to the AP.  Presto, you're cooked.

Yes. :(

> There are a plethora of other DOS attacks on 802.11, before you get to
> the physical layer, which is,
> btw, completely unprotected.

I think brute force flood cannot be defeated, so this
can't be blamed on 802.11.

All non-flood ways of DoSing should be thought of,
and measures against them taken, at protocol design stage.

> So no, 802.1x isn't fatally flawed.  Its better than WEP, and
> 802.1x/EAP-TLS is *AT LEAST* as good running
> IPSEC over the wireless link in all but the situation where full certs
> are deployed at each end.
 
There are at least three working crypto tunnels for Linux which I used,
and one of them, OpenVPN, is as strong as IPSEC and also have Windows port.
Then, ther is IPSEC itself. For the time being, I will try to stay away
from 802.1X
--
vda




More information about the HostAP mailing list